Cyberattacks and the C-Suite: 5 Strategies to Manage Cyber Risk

.@MMC_Global @FireEye Analysis: 23% have undergone a #cyberattack in the past 12 months.

Share

At this week's World Economic Forum Annual Meeting in Switzerland, Marsh & McLennan and Silicon Valley cybersecurity company FireEye, released a new report for business leaders and C-suite executives on cyber risk management. This report identifies five key trends in cloud computing, patching, spear-phishing emails, government engagement, and cyber crisis response, so business leaders, including those in major industries such as healthcare, can better manage dangerous, rapidly evolving cyber risks.

Executive Summary: A Word From FireEye's Chief Executive Officer and Marsh & McLennan's Executive Vice President and General Counsel

The cyber stakes changed for the c-suite in 2017. Nation states targeted private companies. Corporations lost billions in market capital. CEOs were toppled from office.

This is the new cyber reality.

In 2018, two emerging trends will complicate this dynamic even further—tough new regulations and frightening new vectors of attack.

FireEye and Marsh & McLennan, both leaders in our respective sectors, have collaborated to produce this cyber white paper specifically for c-suite executives and public company board members.

Executives and board members start on unfamiliar terrain in two ways. First, with limited exceptions, we are digital immigrants — not digital natives. We are more likely to have studied humanities in college than computer science. IT executives at our companies brief us, but, unlike so many other operational or financial areas, we may not have an intuitive feel for the right answer.

Second, throwing more money at the problem will not make this issue go away. Most companies can double their IT security budgets and still be exposed. The recently disclosed “Meltdown” and “Spectre” vulnerabilities — potentially impacting computers around the globe — highlight this point.

So we are all engaged in a race without a finish line. In this report, we share five tangible, and practical, suggestions for your consideration. Our collective objective is enhanced cyber resilience — not perfection.